Hi Cynthia

Having duplicate copies of personal data spread around a public database is probably not in keeping with the principles of GDPR. Cleaning that up would be possible but not trivial. They have to be identified and may have different maintainers who would have to be contacted.

Un-referenced PERSON objects (and PERSON/MNTNER pairs) are already deleted automatically after 90 days. So this 2 million+ does not include any of them.

cheers
denis
co-chair DB-WG



From: Cynthia Revström via db-wg <db-wg@ripe.net>
To: db-wg@ripe.net
Sent: Thursday, 20 September 2018, 15:23
Subject: Re: [db-wg] PERSON objects in the RIPE Database

Hi,

I am not sure of the best way to do this, but maybe check the database
for person handles with identical name, address, phone number and such
things.

Also maybe if we could take a look at the amount of person handles that
are not used at all in any other object, and potentially delete them.

Kind regards,
Cynthia Revström

On 2018-09-20 14:57, Alexander Stranzky via db-wg wrote:
> On 20/09/2018 15:04, denis walker via db-wg wrote:
>> Colleagues,
>>
>> I will start with a blunt question, then give some arguments for my
>> concern. In May the RIPE NCC told me there are more than 2 million
>> PERSON objects in the RIPE Database. That is almost 25% of the objects
>> in the database. Who are these people and why do we hold so much
>> personal data?
> Hello,
>
> I suspect that many of these objects are old (pre-API) and/or
> duplicates. Before RIPE had a REST API (and I can't tell how many ISPs
> still use emails to create their resources) automatically fetching,
> linking, and updating a RIPE object was a pain (as is the current
> situation with APNIC) and likely involved someone to create the email
> personally. Hence going the easy route--making new entries every time.
>
> Regards,
> Alexander Stranzky
>